Kroll Cyber Security Blog – A Dialogue on Data Security

The average online computer user faces many security threats.  Users are commonly reminded to keep their operating systems up to date,  install virus software and firewalls, and have at least one anti-spyware program running at all times. Kroll investigators counsel members of our identity theft programs to reduce their fraud exposure to Internet threats with this advice. We also remind them not to fall victim to a false sense of security. Identity theft protection does not exempt consumers from following practices to reduce their likelihood of becoming a victim while online. When it comes to online safety, best practices involve avoiding questionable websites, using social networking safely and being stingy with personal information.   Now, we add to our list of advice “close inactive browser tabs.” Why? To prevent a relatively new phenomenon known as “tabnapping.” 

Ten tips for fax safety

As we discussed in the last two posts in this series, you can see how even mundane office equipment can pose a serious security risk. Part of the security battle here is simply understanding the issue, because the technology already exists to help you erase your fax or copier hard drive. So, are you safeguarding against what amounts to pure error?

As it turns out, there are several steps you and your staff can take to reduce the risk of misdirected faxes:

Faxes and copiers hang on to your sensitive documents a lot longer than you think

As if worrying about causing a data breach through simple fax error weren’t enough, there’s another menace lurking in your office equipment that can sabotage your security. Most copiers and fax machines less than seven years old contain hard drives or memory chips that can record and store any data sent through the machine; that is, any document you copy or fax.

Why your fax machine may be your worst security risk

Last week, a data breach made headlines in Canada, when a woman’s private medical information was faxed by her doctor’s office to a newspaper. It was no doubt a mistake; a simple case of a wrong number. The laws of probability assure it will happen from time to time, but unfortunately, this type of breach becomes more insidious when you look at the details. In some instances, it is hundreds of records that are faxed over a multi-year time span. And in those cases, oftentimes the doctor’s offices and government entities knew of the problem, but still took years to correct it.

The Ponemon Institute recently released its annual study on data breach for 2009, Cost of a Data Breach: Understanding Financial Impact, Customer Turnover, and Preventive Solutions.* For the fifth straight year, the average cost of a data breach increased – to $204 per compromised record, increasing the average organizational cost of a data breach to $6.75 million. But perhaps the most compelling departure from the average is within the healthcare industry.